Report - lovelydownloads.com/?rzi=6517021&rsz=6517021&rid=

Report Overview

Visited public
2024-08-16 19:12:28
Tags
URL
lovelydownloads.com/?rzi=6517021&rsz=6517021&rid=
Finishing URL
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
IP / ASN
104.21.21.5
#13335 CLOUDFLARENET
Title
Lust Goddes

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
my.rtmark.net	9054	507 B	680 B	139.45.195.8
lustgoddess.buzz	unknown	727 B	2.8 kB	94.130.72.48
twistconcept.com	unknown	445 B	1.3 kB	104.21.86.46
r11.o.lencr.org	unknown	2.0 kB	5.3 kB	23.36.76.249
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.76.226
theeverydaygame.com	unknown	9.4 kB	536 kB	104.21.58.193
ln.gamesrevenue.com	117740	406 B	16 kB	5.161.79.44
click.hooligs.app	unknown	614 B	3.3 kB	188.114.96.1
confusingepisodevest.com	unknown	3.9 kB	6.1 kB	94.242.247.28
ocsp.r2m03.amazontrust.com	unknown	338 B	942 B	54.230.218.11
proftrafficcounter.com	unknown	466 B	773 B	35.157.218.37
experttrafficmonitor.com	unknown	647 B	510 B	35.157.218.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-16	medium	experttrafficmonitor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	theeverydaygame.com/awpx_click.js?v=005	ScriptElement	1.5 kB	2023-03-26	2025-05-12
Pretty URL theeverydaygame.com/awpx_click.js?v=005 IP 104.21.58.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:11 Last Seen2025-05-12 23:35 Times Seen1611 Hash 7aeb87811ad3a82fde3e2783544819ee d1d9174cbcbb1abdccee6841f170ba21f899925b 7fff603702e9bea03cf47ba47947bb7f8655eb7fcb1c8f7091e9a38d8f5d949c Loading...

	theeverydaygame.com/lg/lg_0324/land_lg_140324_en/libs/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-06-08
Pretty URL theeverydaygame.com/lg/lg_0324/land_lg_140324_en/libs/jquery.min.js IP 104.21.58.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-08 03:36 Times Seen59194 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	ln.gamesrevenue.com/px1.js	ScriptElement	15 kB	2023-12-23	2025-05-21
Pretty URL ln.gamesrevenue.com/px1.js IP 5.161.79.44 ASN #213230 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-23 09:34 Last Seen2025-05-21 06:16 Times Seen1601 Hash b01fc426cbc4f33a52a28ee9ca2e2050 577332c8c5f62167ad432c5d20b3ca285e75c91e d40fc3bebe2dc3c28f08f2f4f5a6059425ccc5541ada3f0945f7539e90374441 Loading...

	theeverydaygame.com/lg/lg_0324/land_lg_140324_en/scripts/main.js	ScriptElement	521 B	2023-12-02	2025-05-12
Pretty URL theeverydaygame.com/lg/lg_0324/land_lg_140324_en/scripts/main.js IP 104.21.58.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 02:07 Last Seen2025-05-12 23:35 Times Seen860 Hash 86f0754abfb6014908e557e6e268f3e2 4efa8a0c962e30bb7e314ad37a3f2c55b91052e6 70910209572bcf5a0ba1022d53bb9fe24d82ed842370c70234994dd2b29ba1a9 Loading...

	twistconcept.com/index.min.js?pk=28407dccfb372e83ee9d49a69f097187	ScriptElement	653 B	2023-11-23	2025-01-19
Pretty URL twistconcept.com/index.min.js?pk=28407dccfb372e83ee9d49a69f097187 IP 104.21.86.46 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 14:59 Last Seen2025-01-19 21:32 Times Seen795 Hash 2058d53d084116ff3d36c8a630556710 8bcd226cf5ddb64be846ad645360638e82269097 6af3e3bd3016f5762e3dc3dbd8fc7bbf00f4ec9349bee71a23bbe5547dcffd1e Loading...

HTTP Transactions (35)

URL IP Response Size

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
686480d25645ac2aca7a99974693a82f
55ca9d53bd758d2afc75e8a9b59c656ff26a3f70
8902058e383c2f43751417e1af1d582f7a16ce0b6fc180ab20cbc76c4b00f914

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8902058E383C2F43751417E1AF1D582F7A16CE0B6FC180AB20CBC76C4B00F914"
Last-Modified: Wed, 14 Aug 2024 12:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7789
Expires: Fri, 16 Aug 2024 21:21:50 GMT
Date: Fri, 16 Aug 2024 19:12:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9fca859eba50e585d7c1550a61d33bc3
a33940f9c83807660f212e5ff511fe28e0413c0d
08afcf8f1ad63cfd72b781cf4c69900e3fd266ee46389de3918570cf5d682f30

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "08AFCF8F1AD63CFD72B781CF4C69900E3FD266EE46389DE3918570CF5D682F30"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11610
Expires: Fri, 16 Aug 2024 22:25:31 GMT
Date: Fri, 16 Aug 2024 19:12:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d209e16679910b467c26590a0073236
ddd59fa6902b498e9c0cfb22e342757f954789d0
9ef3dab56215a67804db0e12d33772a1902f5914b788530717712902a294bcb5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9EF3DAB56215A67804DB0E12D33772A1902F5914B788530717712902A294BCB5"
Last-Modified: Wed, 14 Aug 2024 21:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14260
Expires: Fri, 16 Aug 2024 23:09:41 GMT
Date: Fri, 16 Aug 2024 19:12:01 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
75f615f839dbf8cd2f4a3d58e44455f2
362b7a7d5cbe41d8a42cecec4ee755af0e07ddaf
2c4833330979b96ed12b3480367f00be397e9f9ccb35a088e7c79e92eb26cae4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2C4833330979B96ED12B3480367F00BE397E9F9CCB35A088E7C79E92EB26CAE4"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11257
Expires: Fri, 16 Aug 2024 22:19:38 GMT
Date: Fri, 16 Aug 2024 19:12:01 GMT
Connection: keep-alive

confusingepisodevest.com/dupa.gif?z=462966&abvar=0&cti=0&prpsrc={prpsrc}&fdl=1&os=0&fn=2&md=0&rlp=[0,1,127,107,6,220,51,63]&tz=UTC&pt=SnkL9kcTG9hZGluZy4uLg&x=1280&afid=3209198028620800&zoneid=462966&nojs=0&cd=24&y=1024&pb=a4018d35d1898eb2e7429fa4b66bcaf91723842721&var=6517021&t=0&wgl=0&ss=1&bb=0&im=1&pload=765&cnvs=1&ls=1&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&ix=0&psu=LDPBMscaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MTcwMjEmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUxNzAyMQ&eclog=0&febuild=1.0.314&wcks=1&psp=2rNvReGht7ryqFQ8MxCfD5ZoWbY2mqxKCY6RpQPAQQzmtMWcdZ5LIKBkVTU6r35xL4Aydg2AjXTpssxrXZWoihDrPxgx_LaHrS8MS2DXeKzvBY5sfqp8rEoeKcNuxwDvstzpmpMkhYO6v77se2fHty4HJGQAwUdi-Gz1mnW2hgEBjZO2Bfb-GN-reRHlm3axtdvoshm0FCBKL3Slilcwe_m2xCFs8GFZMLL_cL0Bxn-xYN7rj9WmHqp6w0jvDd8EN3w9mFQH1UDHVycGS8QZbTbD5TSAv7b-PA3CRmFuHJYqU64UaISOqCRK8zgl5q1eg2FQtnMcG_hAOrA8GFxR7Knat1JNMIfVPBSzgRNYT4xiFMPGTmmkYYhDdWUBSBUp-vqg_tXndI0P2IwMj_63Kbqm4RZWMK7vG7rexqsFdO7Blz6WZgot4RXwkiQBQXbkC99oL_QJeZoKUujbwekr5adbl9-7b_yuelSWj8GYV0TvjF_Qcx6lGHKvim7JEKsWdxp_rLBSok2kCZQjJgVHBul4BCi4hnl4auoaEn4igxwSRyUeFDaXxHMP3FOYUvboKQpBqg_MkxpNylYR6sRfKkWJ_84e-LpWu-aPEM13kYHOCZ6vUQ7Qy1iZp82Cuj3f-80-Nd_0dDPWplLJ5pe-CfUMR2347MuNNsdk2aIzdamFw9T8V7Y31v9g_QR_GittHfidJOwiTLX9i4QTL__lglublZWeA-LHUZM0KTg9VwSXRcL0Nwo_y4w6Qa0p-V5Epnr5VD229KLwaA2z0OxMJQC1Ky3L7w1eqkPmpeL6v06UYBOxpEPEn4umvNe9lehAqbihzbTtk1NKnac_xz-x09Bd9a-tBLQ_fXVVtV6a85mnENdu1NZVBBv1bRbSlaAzYQSYuLIOYNfS-79prc0b2trUqtChkSZcPkE4YMd5LhBRX0LEgEX9-g3nLrPF9m_8S2822ynSo4Np__07KPI-BuO2o2QSxzxsF8SGuXjn8hiwaGXikVqp5my2SPrFi57wMgRcQW2lhbWELQIhnBAKs13ik1mIZZ4Vp_n3rdI8sEkLHnFYExZUaXAfHkekkmrI0_wpqe4tJM_plCFs3-RJGPFSFCYVv8_GXK_kGP5sSTSH_AU=&pload=76&rlp=%5B0%2C0%2C0%2C0%2C2%2C0%2C21%2C0%5D&bb=0

94.242.247.28

43 B

URL
confusingepisodevest.com/dupa.gif?z=462966&abvar=0&cti=0&prpsrc={prpsrc}&fdl=1&os=0&fn=2&md=0&rlp=[0,1,127,107,6,220,51,63]&tz=UTC&pt=SnkL9kcTG9hZGluZy4uLg&x=1280&afid=3209198028620800&zoneid=462966&nojs=0&cd=24&y=1024&pb=a4018d35d1898eb2e7429fa4b66bcaf91723842721&var=6517021&t=0&wgl=0&ss=1&bb=0&im=1&pload=765&cnvs=1&ls=1&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&ix=0&psu=LDPBMscaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MTcwMjEmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUxNzAyMQ&eclog=0&febuild=1.0.314&wcks=1&psp=2rNvReGht7ryqFQ8MxCfD5ZoWbY2mqxKCY6RpQPAQQzmtMWcdZ5LIKBkVTU6r35xL4Aydg2AjXTpssxrXZWoihDrPxgx_LaHrS8MS2DXeKzvBY5sfqp8rEoeKcNuxwDvstzpmpMkhYO6v77se2fHty4HJGQAwUdi-Gz1mnW2hgEBjZO2Bfb-GN-reRHlm3axtdvoshm0FCBKL3Slilcwe_m2xCFs8GFZMLL_cL0Bxn-xYN7rj9WmHqp6w0jvDd8EN3w9mFQH1UDHVycGS8QZbTbD5TSAv7b-PA3CRmFuHJYqU64UaISOqCRK8zgl5q1eg2FQtnMcG_hAOrA8GFxR7Knat1JNMIfVPBSzgRNYT4xiFMPGTmmkYYhDdWUBSBUp-vqg_tXndI0P2IwMj_63Kbqm4RZWMK7vG7rexqsFdO7Blz6WZgot4RXwkiQBQXbkC99oL_QJeZoKUujbwekr5adbl9-7b_yuelSWj8GYV0TvjF_Qcx6lGHKvim7JEKsWdxp_rLBSok2kCZQjJgVHBul4BCi4hnl4auoaEn4igxwSRyUeFDaXxHMP3FOYUvboKQpBqg_MkxpNylYR6sRfKkWJ_84e-LpWu-aPEM13kYHOCZ6vUQ7Qy1iZp82Cuj3f-80-Nd_0dDPWplLJ5pe-CfUMR2347MuNNsdk2aIzdamFw9T8V7Y31v9g_QR_GittHfidJOwiTLX9i4QTL__lglublZWeA-LHUZM0KTg9VwSXRcL0Nwo_y4w6Qa0p-V5Epnr5VD229KLwaA2z0OxMJQC1Ky3L7w1eqkPmpeL6v06UYBOxpEPEn4umvNe9lehAqbihzbTtk1NKnac_xz-x09Bd9a-tBLQ_fXVVtV6a85mnENdu1NZVBBv1bRbSlaAzYQSYuLIOYNfS-79prc0b2trUqtChkSZcPkE4YMd5LhBRX0LEgEX9-g3nLrPF9m_8S2822ynSo4Np__07KPI-BuO2o2QSxzxsF8SGuXjn8hiwaGXikVqp5my2SPrFi57wMgRcQW2lhbWELQIhnBAKs13ik1mIZZ4Vp_n3rdI8sEkLHnFYExZUaXAfHkekkmrI0_wpqe4tJM_plCFs3-RJGPFSFCYVv8_GXK_kGP5sSTSH_AU=&pload=76&rlp=%5B0%2C0%2C0%2C0%2C2%2C0%2C21%2C0%5D&bb=0
IP
94.242.247.28:0
ASN
#0

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /dupa.gif?z=462966&abvar=0&cti=0&prpsrc={prpsrc}&fdl=1&os=0&fn=2&md=0&rlp=[0,1,127,107,6,220,51,63]&tz=UTC&pt=SnkL9kcTG9hZGluZy4uLg&x=1280&afid=3209198028620800&zoneid=462966&nojs=0&cd=24&y=1024&pb=a4018d35d1898eb2e7429fa4b66bcaf91723842721&var=6517021&t=0&wgl=0&ss=1&bb=0&im=1&pload=765&cnvs=1&ls=1&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&ix=0&psu=LDPBMscaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MTcwMjEmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUxNzAyMQ&eclog=0&febuild=1.0.314&wcks=1&psp=2rNvReGht7ryqFQ8MxCfD5ZoWbY2mqxKCY6RpQPAQQzmtMWcdZ5LIKBkVTU6r35xL4Aydg2AjXTpssxrXZWoihDrPxgx_LaHrS8MS2DXeKzvBY5sfqp8rEoeKcNuxwDvstzpmpMkhYO6v77se2fHty4HJGQAwUdi-Gz1mnW2hgEBjZO2Bfb-GN-reRHlm3axtdvoshm0FCBKL3Slilcwe_m2xCFs8GFZMLL_cL0Bxn-xYN7rj9WmHqp6w0jvDd8EN3w9mFQH1UDHVycGS8QZbTbD5TSAv7b-PA3CRmFuHJYqU64UaISOqCRK8zgl5q1eg2FQtnMcG_hAOrA8GFxR7Knat1JNMIfVPBSzgRNYT4xiFMPGTmmkYYhDdWUBSBUp-vqg_tXndI0P2IwMj_63Kbqm4RZWMK7vG7rexqsFdO7Blz6WZgot4RXwkiQBQXbkC99oL_QJeZoKUujbwekr5adbl9-7b_yuelSWj8GYV0TvjF_Qcx6lGHKvim7JEKsWdxp_rLBSok2kCZQjJgVHBul4BCi4hnl4auoaEn4igxwSRyUeFDaXxHMP3FOYUvboKQpBqg_MkxpNylYR6sRfKkWJ_84e-LpWu-aPEM13kYHOCZ6vUQ7Qy1iZp82Cuj3f-80-Nd_0dDPWplLJ5pe-CfUMR2347MuNNsdk2aIzdamFw9T8V7Y31v9g_QR_GittHfidJOwiTLX9i4QTL__lglublZWeA-LHUZM0KTg9VwSXRcL0Nwo_y4w6Qa0p-V5Epnr5VD229KLwaA2z0OxMJQC1Ky3L7w1eqkPmpeL6v06UYBOxpEPEn4umvNe9lehAqbihzbTtk1NKnac_xz-x09Bd9a-tBLQ_fXVVtV6a85mnENdu1NZVBBv1bRbSlaAzYQSYuLIOYNfS-79prc0b2trUqtChkSZcPkE4YMd5LhBRX0LEgEX9-g3nLrPF9m_8S2822ynSo4Np__07KPI-BuO2o2QSxzxsF8SGuXjn8hiwaGXikVqp5my2SPrFi57wMgRcQW2lhbWELQIhnBAKs13ik1mIZZ4Vp_n3rdI8sEkLHnFYExZUaXAfHkekkmrI0_wpqe4tJM_plCFs3-RJGPFSFCYVv8_GXK_kGP5sSTSH_AU=&pload=76&rlp=%5B0%2C0%2C0%2C0%2C2%2C0%2C21%2C0%5D&bb=0 HTTP/1.1
Host: confusingepisodevest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=24081614122caba25f2f6a46848463da2c3d; UGVyc2lzdFN0b3JhZ2U=%7B%7D; OACCAP=AC5tmAAAAAAAAAAB; OACBLOCK=AC5tmAAAAABmv4WQ; TUCAP=66Mb%2BwAAAAAAAAAB; TUBLOCK=66Mb%2BwAAAABmv6Gw; OXCCLK=AC5tmAAAAAAAAAAB; OXPCLK=AAH5DwAAAAAAAAAB; ppucnt=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 19:12:02 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.redirect-pixel
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

confusingepisodevest.com/r/dir?zoneid=462966&var=6517021&pb=a4018d35d1898eb2e7429fa4b66bcaf91723842721&psp=zTUWkJ7_5aYWpwpqmZ9KJdAh9AUf4edp8qzm4j6rt2EKRKyQ78oa7tPXmr6ABiagoK7JICzdnJ8oM-W09JDJ7W9-o77AeZsmWa-uxKV2Bwz77tLJs2XM1r2-Igd9riTf_8sZuwYwqMcmLJartuKicA6kmUFPzXyAEl4jz0_Qxda2lVnoM2sRbAHPUavR30zU2jJv-U_fi1KKEzFjtHdoBpxOjWFoS7OitHUG9U0UZABcaOelEaCH5IgY&prpsrc={prpsrc}&fdl=1&nojs=0&abvar=0&febuild=1.0.314&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=2&pt=SnkL9kcTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&psu=LDPBMscaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MTcwMjEmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUxNzAyMQ&afid=3209198028620800&eclog=0&im=1&pload=765&rlp=%5B0%2C1%2C127%2C107%2C6%2C220%2C51%2C63%5D

94.242.247.28

200 OK

3.8 kB

URL User Request GET HTTP/2
confusingepisodevest.com/r/dir?zoneid=462966&var=6517021&pb=a4018d35d1898eb2e7429fa4b66bcaf91723842721&psp=zTUWkJ7_5aYWpwpqmZ9KJdAh9AUf4edp8qzm4j6rt2EKRKyQ78oa7tPXmr6ABiagoK7JICzdnJ8oM-W09JDJ7W9-o77AeZsmWa-uxKV2Bwz77tLJs2XM1r2-Igd9riTf_8sZuwYwqMcmLJartuKicA6kmUFPzXyAEl4jz0_Qxda2lVnoM2sRbAHPUavR30zU2jJv-U_fi1KKEzFjtHdoBpxOjWFoS7OitHUG9U0UZABcaOelEaCH5IgY&prpsrc={prpsrc}&fdl=1&nojs=0&abvar=0&febuild=1.0.314&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=2&pt=SnkL9kcTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&psu=LDPBMscaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MTcwMjEmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUxNzAyMQ&afid=3209198028620800&eclog=0&im=1&pload=765&rlp=%5B0%2C1%2C127%2C107%2C6%2C220%2C51%2C63%5D
IP
94.242.247.28:443
ASN
#0

Certificate
IssuerBuypass AS-983163327
Subject
FingerprintAE:E3:40:88:81:BD:4E:25:E4:78:DA:27:58:C1:0F:1F:64:D8:D6:D0
ValidityFri, 17 May 2024 15:29:44 GMT - Tue, 12 Nov 2024 22:59:00 GMT

File type
HTML document, ASCII text, with very long lines (8064)
Size
3.8 kB (3834 bytes)
Hash
f7f5170e2d580eed3a16c4a5bc39e314
c50fde8e7fb60fafcd1536f2d44622be34f99c1d
4ffa2c0067e7ec078d8aedf643b262fe2b92c55b4cc045716a316fa8c6df2821

HTTP Headers

GET /r/dir?zoneid=462966&var=6517021&pb=a4018d35d1898eb2e7429fa4b66bcaf91723842721&psp=zTUWkJ7_5aYWpwpqmZ9KJdAh9AUf4edp8qzm4j6rt2EKRKyQ78oa7tPXmr6ABiagoK7JICzdnJ8oM-W09JDJ7W9-o77AeZsmWa-uxKV2Bwz77tLJs2XM1r2-Igd9riTf_8sZuwYwqMcmLJartuKicA6kmUFPzXyAEl4jz0_Qxda2lVnoM2sRbAHPUavR30zU2jJv-U_fi1KKEzFjtHdoBpxOjWFoS7OitHUG9U0UZABcaOelEaCH5IgY&prpsrc={prpsrc}&fdl=1&nojs=0&abvar=0&febuild=1.0.314&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=2&pt=SnkL9kcTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&psu=LDPBMscaHR0cHM6Ly9jb25mdXNpbmdlcGlzb2RldmVzdC5jb20vYWZ1LnBocD9pZD00NjI5NjYmdmFyPTY1MTcwMjEmcHJwc3JjPSU3QnBycHNyYyU3RCZyc3o9NjUxNzAyMQ&afid=3209198028620800&eclog=0&im=1&pload=765&rlp=%5B0%2C1%2C127%2C107%2C6%2C220%2C51%2C63%5D HTTP/1.1
Host: confusingepisodevest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=24081614122caba25f2f6a46848463da2c3d; UGVyc2lzdFN0b3JhZ2U=%7B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 19:12:02 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-route-id: redirect.dl
referrer-policy: no-referrer
x-trace: TZsqCDV75AhmHMA8-7vakeBCUO5kmsVbgcSv_sy833VVdxdfpVp9PUV6NMDbhn7nVZKy_kDs
set-cookie: CHCK=1; Path=/; Expires=Fri, 19 Sep 2025 19:12:02 GMT; Secure; SameSite=None
OACCAP=AC5tmAAAAAAAAAAB; Path=/; Expires=Sun, 15 Sep 2024 19:12:02 GMT; Secure; SameSite=None
OACBLOCK=AC5tmAAAAABmv4WQ; Path=/; Expires=Sun, 15 Sep 2024 19:12:02 GMT; Secure; SameSite=None
TUCAP=66Mb%2BwAAAAAAAAAB; Path=/; Expires=Sun, 15 Sep 2024 19:12:02 GMT; Secure; SameSite=None
TUBLOCK=66Mb%2BwAAAABmv6Gw; Path=/; Expires=Sun, 15 Sep 2024 19:12:02 GMT; Secure; SameSite=None
OXCCLK=AC5tmAAAAAAAAAAB; Path=/; Expires=Sat, 17 Aug 2024 19:12:02 GMT; Secure; SameSite=None
OXPCLK=AAH5DwAAAAAAAAAB; Path=/; Expires=Sat, 17 Aug 2024 19:12:02 GMT; Secure; SameSite=None
ppucnt=1; Path=/; Expires=Sat, 17 Aug 2024 19:12:02 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/btn1.png

104.21.58.193

200 OK

6.9 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/btn1.png
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
PNG image data, 339 x 207, 8-bit colormap, non-interlaced
Size
6.9 kB (6866 bytes)
Hash
a67051906425835b13dc4292c6fe2ef7
c96b01fb21c60a17fad9e89f235fdb8809ffc43d
f000409df7dd5222fc51cc35113519a133596c011f61bc5a7f65f9dcd2843a37

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/btn1.png HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/png
content-length: 6866
last-modified: Tue, 12 Mar 2024 16:35:33 GMT
etag: "65f08455-1ad2"
cache-control: max-age=14400
cf-cache-status: HIT
age: 469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WDxOfO3mdod68QIw6IE%2F8itLMH9jYg2FCt9byl%2FRmfanVD92es73EDKX0ML84HG8Mym1LprmhCAPgLMGLsXAfNx%2BJZ76aF1AQNrSJusfQRqZU3wi6wCr3TXDnk0duh4oE%2F4VD9tu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd4bf1f56a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/btn2.png

104.21.58.193

200 OK

9.8 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/btn2.png
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
PNG image data, 339 x 207, 8-bit colormap, non-interlaced
Size
9.8 kB (9771 bytes)
Hash
8c7c430e736c07b069cf61a2870c7254
a1b6cf722997131aa569f2214df2ce8a9e6e5630
42269355807fe5c4d7dabbccff1cc602725b5ffccae86759412219b83198a180

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/btn2.png HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/png
content-length: 9771
last-modified: Tue, 12 Mar 2024 16:35:33 GMT
etag: "65f08455-262b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uWoHqi3TnocBwYqOAvhMdzlfry7DfFB13w%2B6RVnRGRE4y1Wxp9RyWBx7oTITFIfBsuSw6SWniAO0QSGdUfiSaySWf3lFfWO2LCaGE7FHizVjz2AKA4xjslHNFtMSMiYbNkSKkapM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd4bf2756a5-OSL
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b35077e566f0beaf66bbb9e543fd135f
cde33f3c0ace713eff137e33034dd76e3573089c
378bb9ab930627a8a1b5a889d211da9150d940d5b3f50ae296a56279f0424d2b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "378BB9AB930627A8A1B5A889D211DA9150D940D5B3F50AE296A56279F0424D2B"
Last-Modified: Fri, 16 Aug 2024 07:35:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14097
Expires: Fri, 16 Aug 2024 23:07:00 GMT
Date: Fri, 16 Aug 2024 19:12:03 GMT
Connection: keep-alive

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g1_close.jpg

104.21.58.193

200 OK

40 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g1_close.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
40 kB (40179 bytes)
Hash
3d830c378aa76c9caa82a73805459893
4a48546372f2ef6311cbed974d536273bcfdd711
8d88b039c0e88133bd2f53dc2fef48ea2d8bdae4eb6e3162fec9db714f97adea

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g1_close.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 40179
last-modified: Tue, 12 Mar 2024 16:35:33 GMT
etag: "65f08455-9cf3"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1iXT4S4xjyAnXwP7P6DC9eDNVlzBFdj6AX2cv%2Bu54%2B5uPRfWejiW60Cs4EyllWeYjPX9kEzeNk6Vzc2hY%2BWXKO%2F%2BeYYqxTW6ePnIjpwYHrFEsYIjUtqY2UIlWDQbyqIXNpnubO6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd6fb0e56a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g3_open.jpg

104.21.58.193

200 OK

63 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g3_open.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
63 kB (63206 bytes)
Hash
d837068776c28a251131d2c0138c5db4
bc8d3e395fa77a6b801f13d1c22ff159776cc430
a8364b19810c700ee3899c55089ca678291758ee0d62dbad821e2a6d73b08c93

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g3_open.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 63206
last-modified: Tue, 12 Mar 2024 16:35:35 GMT
etag: "65f08457-f6e6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xXA0TCv8D4s14Zr4OZtVX75XumaaujIn83w5VvWib1MHnnQI877bBZSzpbEy4kLjh7jj%2FN2dZuROM8unMQEoekPs9vSTq34ywqq7Y6XuyWw2qXHLLnc6Q%2BVYJHYq1k1OsZWPkKc7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd70b2556a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g3_close.jpg

104.21.58.193

200 OK

41 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g3_close.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
41 kB (40609 bytes)
Hash
aa7031c41077d720cfc935e8de98de95
47aaf9ec464983016d35bb8150928c7f96cdff8c
6a49dc8fe71fafd7db501c43d96537be26a508a2c8a932ff8f03746bc9a55a83

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g3_close.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 40609
last-modified: Tue, 12 Mar 2024 16:35:35 GMT
etag: "65f08457-9ea1"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rCMLji4UgUHvYICKZuImiivEw3%2FzOdl7xitawxSoYZ65llvkgyY2FzBc9UpCpBBbQwn03BChlz8zpey%2FVonjUnwQer2K8qUJ5Ls%2Fbrd5w4thl0jd1GbFlQuxS2wOEBaiFOLKvst6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd70b2756a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g1_open.jpg

104.21.58.193

200 OK

84 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g1_open.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
84 kB (84260 bytes)
Hash
a3efbcb7561dddaeb36ba22fb8fae56f
a9363a7f6b6e9a5a6dcbb37a0abfa7bb3ab3ea1d
d95424c3f3857c13ff9f6a957f805b188a568ce769b51ee9fe68c8fd3537b319

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g1_open.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 84260
last-modified: Tue, 12 Mar 2024 16:35:34 GMT
etag: "65f08456-14924"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b817r2TLLZWzVqXWcYTZklcKXq9RuuQ7wYOqyT6ux9xz8kUJYuXBzKHj2P6MUssCgETnbOM38WsdrVywAyA2Ntc4bADyoabOAjOz3Kff4ZPOgL%2F4CI7R3cdOBiVcUONMnkCJTH3S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd6fb0d56a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g2_open.jpg

104.21.58.193

200 OK

80 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g2_open.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
80 kB (79598 bytes)
Hash
12e061b10b2c654a24ea704af3aaec43
9c506625e1fa700f0e6522cced2a53b0cde2bd54
d321fc26bb399bd642b1a3ae059a03308d286526e6b87a9cb37ba63833673372

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g2_open.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 79598
last-modified: Tue, 12 Mar 2024 16:35:35 GMT
etag: "65f08457-136ee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNRDxBBfpGLNLltcJzmfPH2MLyH7YoTn76odFnQZNIuIZ9qXLBTZl%2BuO%2BCotxi5O2dTh9r38%2F2ljwbLdx7DhxXmcXzQqXUYHSD8it%2FJzcg82Q5MvKalW87HjBiRzaokhRxDDQ0gF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd6fb1056a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g2_close.jpg

104.21.58.193

200 OK

42 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g2_close.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
42 kB (41478 bytes)
Hash
955f59a0876a28b432c71c0d274727c7
789778a09f2fa8f8bd24be2bb781914f5070dd3d
40e8cd16f27d5d6a0cfd007881651ef8acd93ba95423c05741bc410454eabf40

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g2_close.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 41478
last-modified: Tue, 12 Mar 2024 16:35:34 GMT
etag: "65f08456-a206"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tB6k36FWHcIApzRW67%2FScXsqgSsNCBqTQDx%2FtDn%2FVQT%2BfzQZD9CEvy40N7FZ4uO9QguDS1pfKHOs2Mz9oaLBc9%2Bd%2BnzOjwr9ZNyIrPPdors6Kg4p%2F6fXkygjKo2VgcXU%2BxemgDS1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd70b1d56a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g4_open.jpg

104.21.58.193

200 OK

73 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g4_open.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
73 kB (72874 bytes)
Hash
c37fec311feadcbd0c77987b383b0596
9a8f5df2805241f6bc484151dc31f3b72bb9a196
a61a23797d6b68ed79222d950596e90da320e59f8ee23e7eb776c94ee0d6734c

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g4_open.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 72874
last-modified: Tue, 12 Mar 2024 16:35:36 GMT
etag: "65f08458-11caa"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R3W01HU1W5DPTWcN3Q8Ez8DZQxC3ZJ4kGHfvbelZRa%2FQ%2FGWEYfH%2BJd1gttA7ilMbyVlXd7NE8Z4IbDFKAULm7yqtIKAjrl%2FCCTaxMbIIvJ0X3TxpfAJnA%2BlqUSZdvDMHu4itwLDG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd70b2a56a5-OSL
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g4_close.jpg

104.21.58.193

200 OK

41 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/g4_close.jpg
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x1071, components 3
Size
41 kB (40656 bytes)
Hash
4735a029efd2d2e8b15fab5879842219
82ac18ec8aae9a2cc311cdb3b92862e56d161f99
11c0bdd5fc2ba1dfea6ccaedded312f27fd5d5ddf21f24ee607ad05c2c0f197b

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/g4_close.jpg HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/jpeg
content-length: 40656
last-modified: Tue, 12 Mar 2024 16:35:35 GMT
etag: "65f08457-9ed0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6956
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yDfM7tvFLCD8JTWn2AuQKJy9%2BikkR65Njrjl0T2ZaBBPtblWcUW9fp1HeRN4H7%2B1LQsN%2Bnla57%2F9weltVhgc0ZWx%2FSCK5X%2F3ih1EVY5jkQe0oSWXrkGtzzlEauRTxXoyVf%2BXlalK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd70b2e56a5-OSL
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
618079eb8b23c887540715f22e37d29d
aa706430c2f90df9012b24897aa5afc7b3343f0f
dfa1f1c0624702d933e177b87883301ad6e4f2f18689258b191c2b7cb0530622

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DFA1F1C0624702D933E177B87883301AD6E4F2F18689258B191C2B7CB0530622"
Last-Modified: Fri, 16 Aug 2024 06:31:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12602
Expires: Fri, 16 Aug 2024 22:42:05 GMT
Date: Fri, 16 Aug 2024 19:12:03 GMT
Connection: keep-alive

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/libs/jquery.min.js

104.21.58.193

200 OK

31 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/libs/jquery.min.js
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (31324 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/libs/jquery.min.js HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 16:35:38 GMT
etag: W/"65f0845a-1538f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 469
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGQXIsqDgtv5OkoLyTTWxSqD5VJn99DP%2FAPNSFxqAx2gs0dBuFaCx7vtJacsx2B%2FW9iZeQ5ASlf2C38IH58QeGTNQPQGyMOU7gztZ9r429U3weklLxq9NXUnSbBif%2FFx7OJoNphA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd4af1456a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
78779700491f06b9bd16853002a6d348
ca0d2f857602a5dedef2b775e0614dab6db5ca25
8d543f541355a80381314d76b890c6a3f43ded3b3bdf7472207d6a9ecc5b48be

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 16 Aug 2024 19:12:03 GMT
Last-Modified: Fri, 16 Aug 2024 17:25:54 GMT
Server: ECAcc (ska/F77E)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JTLy4QnalfoNwMA8VDJ9bUqre0eGCqErnPxd0ElGVr0itvXYn8Heww==
Age: 6369

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/fav.png

104.21.58.193

200 OK

1.4 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/image/fav.png
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
1.4 kB (1425 bytes)
Hash
10c5dd857fd3653492ef5eeaa86cd48b
193484a907a40d7b145af2136ef83bef593d2f21
a689201508b9dc7b2cc3049c7d89947f96a19790411506ecd6eb1875374fe329

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/image/fav.png HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:04 GMT
content-type: image/png
content-length: 1425
last-modified: Tue, 12 Mar 2024 16:35:33 GMT
etag: "65f08455-591"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6190
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwqHZY%2Fl6GZ%2Bz4zcuAonRtnGFpOLf3SaH75UAqjUbqz0a6Y2%2BURl%2FR%2Br9XuGep1r4YywwcA%2FNrkrNBelmoy2xoqZ5hfr4kfQOROgJ1y3cpAoQvsgcb2SgFsIMud2L9lxgPy73raw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd8fddb56a5-OSL
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13836
Expires: Fri, 16 Aug 2024 23:02:40 GMT
Date: Fri, 16 Aug 2024 19:12:04 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.10

504 B

URL
r11.o.lencr.org/
IP
23.33.119.10:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13820
Expires: Fri, 16 Aug 2024 23:02:24 GMT
Date: Fri, 16 Aug 2024 19:12:04 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3c14cfb85dc9ceb923d7d3c3648719d2
10ea83f83398870f50ca771216ad77bd95aa66cc
bc868b2a34fe0c66d7a2dc1754676cc4031891c797fdd23e82d135559bd82c1b

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BC868B2A34FE0C66D7A2DC1754676CC4031891C797FDD23E82D135559BD82C1B"
Last-Modified: Thu, 15 Aug 2024 09:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13836
Expires: Fri, 16 Aug 2024 23:02:40 GMT
Date: Fri, 16 Aug 2024 19:12:04 GMT
Connection: keep-alive

proftrafficcounter.com/px.gif?akey=28407dccfb372e83ee9d49a69f097187

35.157.218.37

307 Temporary Redirect

0 B

URL GET HTTP/2
proftrafficcounter.com/px.gif?akey=28407dccfb372e83ee9d49a69f097187
IP
35.157.218.37:443
ASN
#16509 AMAZON-02

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px.gif?akey=28407dccfb372e83ee9d49a69f097187 HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Fri, 16 Aug 2024 19:12:04 GMT
content-type: image/gif
content-length: 0
location: https://experttrafficmonitor.com/dbs?uuid=a1d376eb-5b66-4541-80d8-ea8dfb0af9c3&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoyLCJhY3VzIjoxLCJhY2kiOnsiMTkyMSI6MTcyMzgzNTUyNH0sImFjY2wiOnsiMjAsMCI6MTcyMzgzNTUyNH19.QEPTzGRdC0wQ3nuW6PSHz_sX1k6C0DF2QfpKhb4UW7o
server: nginx/1.21.6
set-cookie: uid_id2=a1d376eb-5b66-4541-80d8-ea8dfb0af9c3:2:1; expires=Mon, 14 Aug 2034 19:12:04 GMT; secure; SameSite=None
ak=1921,1723835524; expires=Thu, 14 Nov 2024 19:12:04 GMT; secure; SameSite=None
acl=20,0,1723835524; expires=Thu, 14 Nov 2024 19:12:04 GMT; secure; SameSite=None
expires: Fri, 16 Aug 2024 19:12:04 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2

experttrafficmonitor.com/dbs?uuid=a1d376eb-5b66-4541-80d8-ea8dfb0af9c3&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoyLCJhY3VzIjoxLCJhY2kiOnsiMTkyMSI6MTcyMzgzNTUyNH0sImFjY2wiOnsiMjAsMCI6MTcyMzgzNTUyNH19.QEPTzGRdC0wQ3nuW6PSHz_sX1k6C0DF2QfpKhb4UW7o

35.157.218.37

200 OK

7 B

URL GET HTTP/2
experttrafficmonitor.com/dbs?uuid=a1d376eb-5b66-4541-80d8-ea8dfb0af9c3&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoyLCJhY3VzIjoxLCJhY2kiOnsiMTkyMSI6MTcyMzgzNTUyNH0sImFjY2wiOnsiMjAsMCI6MTcyMzgzNTUyNH19.QEPTzGRdC0wQ3nuW6PSHz_sX1k6C0DF2QfpKhb4UW7o
IP
35.157.218.37:443
ASN
#16509 AMAZON-02

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dbs?uuid=a1d376eb-5b66-4541-80d8-ea8dfb0af9c3&j=eyJhbGciOiJIUzI1NiJ9.eyJhY2FuIjoyLCJhY3VzIjoxLCJhY2kiOnsiMTkyMSI6MTcyMzgzNTUyNH0sImFjY2wiOnsiMjAsMCI6MTcyMzgzNTUyNH19.QEPTzGRdC0wQ3nuW6PSHz_sX1k6C0DF2QfpKhb4UW7o HTTP/1.1
Host: experttrafficmonitor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://theeverydaygame.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 16 Aug 2024 19:12:04 GMT
content-type: image/gif
content-length: 7
server: nginx/1.21.6
set-cookie: uid_id2=a1d376eb-5b66-4541-80d8-ea8dfb0af9c3:2:1; expires=Mon, 14 Aug 2034 19:12:04 GMT; secure; SameSite=None
ak=1921,1723835524; expires=Thu, 14 Nov 2024 19:12:04 GMT; secure; SameSite=None
acl=20,0,1723835524; expires=Thu, 14 Nov 2024 19:12:04 GMT; secure; SameSite=None
expires: Fri, 16 Aug 2024 19:12:04 GMT
cache-control: max-age=0, : no-cache
X-Firefox-Spdy: h2

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css

104.21.58.193

200 OK

8.8 kB

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/css/main.css
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
ASCII text
Size
8.8 kB (8814 bytes)
Hash
fe0b76350b350c505af8892b3fb2d60b
ef4c2c4974e98708c9586248f502ec7a42ea9259
d95650f7fef33e32e64ea982168684f103e294fcf7e2df8a1c833929a7c1745d

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/css/main.css HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: text/css
last-modified: Tue, 12 Mar 2024 16:35:32 GMT
etag: W/"65f08454-ce3"
cache-control: max-age=14400
cf-cache-status: HIT
age: 469
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3KhXumOzNsuKNoHKc68qge3GJigFxHJitStshU73HIQXgDC5QxKLmn2%2BcCdQv2ds7bnDdU2%2FmyPyM6W7cugRD9FAQdnIPlm2UmKMa2v5ofCbI3I6PrHT3mbPQiNcIyfqKqVUgQyq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd4af1056a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

click.hooligs.app/?pid=1237&offer_id=49&land=884&ref_id=43f38j6ikciwjb18&sub1=906ddf4c342650fe336900ad8e4c673f&sub2=e206a54e97690cce50cc872dd70ee896&sub3=1099

188.114.96.1

302 Found

2.2 kB

URL User Request GET HTTP/2
click.hooligs.app/?pid=1237&offer_id=49&land=884&ref_id=43f38j6ikciwjb18&sub1=906ddf4c342650fe336900ad8e4c673f&sub2=e206a54e97690cce50cc872dd70ee896&sub3=1099
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecthooligs.app
FingerprintF3:3D:54:22:B5:E5:EC:D2:DC:3C:31:DD:18:AF:76:78:13:8D:1D:5D
ValidityFri, 05 Jul 2024 06:02:20 GMT - Thu, 03 Oct 2024 06:02:19 GMT

File type

Size
2.2 kB (2176 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pid=1237&offer_id=49&land=884&ref_id=43f38j6ikciwjb18&sub1=906ddf4c342650fe336900ad8e4c673f&sub2=e206a54e97690cce50cc872dd70ee896&sub3=1099 HTTP/1.1
Host: click.hooligs.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 16 Aug 2024 19:12:02 GMT
content-type: text/html; charset=utf-8
location: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
x-clickid: 4def0000849c3a81
x-frame-options: DENY
vary: Accept-Language, Origin
content-language: en
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
set-cookie: haff_cid:1237:49=4def0000849c3a81; expires=Sat, 17 Aug 2024 19:12:02 GMT; Max-Age=86400; Path=/
strict-transport-security: max-age=43200
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=deo%2BRCY24KPFgZcb13%2Fkrpf2ISN2xc74Ng%2BQTJeMrz7y%2Bx04Q9cCKgqtYtktYTdRNo0me8DbRE9muoK4wPL95bRztgipafE7PQo5JvfxHFi2UwdniBJxZeCeDVsk9dkgNICyyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b43bbd19d6b568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/scripts/main.js

104.21.58.193

200 OK

521 B

URL GET HTTP/3
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/scripts/main.js
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (567), with no line terminators
Size
521 B (521 bytes)
Hash
42a310913ab3c9f8c9241c154fd7af4a
8acd5b33349b86bb7ea9da2f609ca7230ad5761d
ac4d23ed1f3208f4515cb3561fc74ece439d34496675ae90917061a858c7b79a

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/scripts/main.js HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 16:35:38 GMT
etag: W/"65f0845a-209"
cache-control: max-age=14400
cf-cache-status: HIT
age: 469
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uel8sccxQHDq%2BjiEEycakFyhl%2Ffw2W%2FkhG%2Bfx8jIDJXnhPf4PoUpYIgcPscntRU6ALuJfRp2SAKWhdbwJrZVepT4FSZjrts7FnMLWsZtBK0PhZCznj%2B5SMior1jv%2Bq%2BuyOW1LX5T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd4bf3756a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

theeverydaygame.com/awpx_click.js?v=005

104.21.58.193

200 OK

1.5 kB

URL GET HTTP/3
theeverydaygame.com/awpx_click.js?v=005
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
ASCII text, with very long lines (1544), with no line terminators
Size
1.5 kB (1490 bytes)
Hash
684379265eb9f58cc45bc0d82f0db964
dcceb2eb66dd485a8df52da17210e1ea660354ee
45f7be3af362b2f0b894e51e8394ecc08066d8b9004fb095ba7665edbd8ce078

HTTP Headers

GET /awpx_click.js?v=005 HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: application/javascript
last-modified: Thu, 09 Mar 2023 09:49:36 GMT
etag: W/"6409abb0-5d2"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2205
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5LdS30O6L4P8ztwtc4fGMgWCHSls1dnGli%2F%2F67qgU2g%2FvvZghtSVZx%2Bve1pBePOZnHY1OGdxEUJhdV1K8l6e3xJ5BYAbXxqb5Y6kdNSMOc5fDS4qY%2FCySInTLzh782jOa9U3XMv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd4bf1856a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ln.gamesrevenue.com/px1.js

5.161.79.44

200 OK

15 kB

URL GET HTTP/2
ln.gamesrevenue.com/px1.js
IP
5.161.79.44:443
ASN
#213230 Hetzner Online GmbH

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerLet's Encrypt
Subject*.gamesrevenue.com
FingerprintDF:02:38:51:6A:B2:64:74:20:58:40:1D:A7:0F:81:A9:0F:5B:60:1E
ValidityWed, 10 Jul 2024 09:43:36 GMT - Tue, 08 Oct 2024 09:43:35 GMT

File type
ASCII text, with very long lines (15239)
Size
15 kB (15240 bytes)
Hash
b01fc426cbc4f33a52a28ee9ca2e2050
577332c8c5f62167ad432c5d20b3ca285e75c91e
d40fc3bebe2dc3c28f08f2f4f5a6059425ccc5541ada3f0945f7539e90374441

HTTP Headers

GET /px1.js HTTP/1.1
Host: ln.gamesrevenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: application/javascript
last-modified: Fri, 22 Dec 2023 10:12:56 GMT
etag: W/"65856128-3b88"
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&lr=1&partner=4525db4116ed1c87c5ad9a1c2cb785cedc7f7ec9dfd0157a058f115a95fabcf3

139.45.195.8

200 OK

43 B

URL GET HTTP/2
my.rtmark.net/img.gif?f=sync&lr=1&partner=4525db4116ed1c87c5ad9a1c2cb785cedc7f7ec9dfd0157a058f115a95fabcf3
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint4B:EF:80:EB:90:B5:8C:01:82:25:B6:92:59:BE:A9:6A:C7:83:75:8E
ValidityFri, 05 Jul 2024 22:30:11 GMT - Thu, 03 Oct 2024 22:30:10 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&lr=1&partner=4525db4116ed1c87c5ad9a1c2cb785cedc7f7ec9dfd0157a058f115a95fabcf3 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0880bad25f0647fcfa08ee0dc66564cb; expires=Sat, 16 Aug 2025 19:12:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

lustgoddess.buzz/c1sbl0k.php?key=6qqdgzsfv7yqqxf7s7ax&SUBID=2408161412f5a8a59f3ab94bd7b9fa8a7835&cost=0.00065836735&zoneid=462966&os=linux&device=desktop&browser=firefox&campaignid=3042712&bannerid=4188691&carrier=Blix+Group+As&connection_type=other&t9=4188691&t10=462966

94.130.72.48

302 Found

2.2 kB

URL User Request GET HTTP/1.1
lustgoddess.buzz/c1sbl0k.php?key=6qqdgzsfv7yqqxf7s7ax&SUBID=2408161412f5a8a59f3ab94bd7b9fa8a7835&cost=0.00065836735&zoneid=462966&os=linux&device=desktop&browser=firefox&campaignid=3042712&bannerid=4188691&carrier=Blix+Group+As&connection_type=other&t9=4188691&t10=462966
IP
94.130.72.48:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectlustgoddess.buzz
Fingerprint2B:DE:32:4D:5A:E9:94:46:97:E1:54:A4:5A:F7:4E:21:C9:F7:F0:63
ValidityThu, 18 Jul 2024 11:00:18 GMT - Wed, 16 Oct 2024 11:00:17 GMT

File type

Size
2.2 kB (2176 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c1sbl0k.php?key=6qqdgzsfv7yqqxf7s7ax&SUBID=2408161412f5a8a59f3ab94bd7b9fa8a7835&cost=0.00065836735&zoneid=462966&os=linux&device=desktop&browser=firefox&campaignid=3042712&bannerid=4188691&carrier=Blix+Group+As&connection_type=other&t9=4188691&t10=462966 HTTP/1.1
Host: lustgoddess.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.26.1
Date: Fri, 16 Aug 2024 19:12:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=j6ikciwj; expires=Sat, 17 Aug 2024 19:12:02 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=j6ikciwj-j6ikciwj-2tqq-0-7vxo-2t7swj-2t7si4-aab0f2; expires=Sat, 17 Aug 2024 19:12:02 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://click.hooligs.app/?pid=1237&offer_id=49&land=884&ref_id=43f38j6ikciwjb18&sub1=906ddf4c342650fe336900ad8e4c673f&sub2=e206a54e97690cce50cc872dd70ee896&sub3=1099
Strict-Transport-Security: max-age=31536000

twistconcept.com/index.min.js?pk=28407dccfb372e83ee9d49a69f097187

104.21.86.46

200 OK

653 B

URL GET HTTP/2
twistconcept.com/index.min.js?pk=28407dccfb372e83ee9d49a69f097187
IP
104.21.86.46:443
ASN
#13335 CLOUDFLARENET

Requested by
https://theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
Certificate
IssuerGoogle Trust Services
Subjecttwistconcept.com
FingerprintF3:17:8A:A1:CC:76:1F:1A:EE:B4:14:51:1B:FD:F0:E3:C6:F5:F6:D8
ValidityFri, 19 Jul 2024 07:04:23 GMT - Thu, 17 Oct 2024 07:04:22 GMT

File type
JavaScript source, ASCII text, with very long lines (656), with no line terminators
Size
653 B (653 bytes)
Hash
e1b26acebd3ad2c11bf53fe6e99737ec
8676d5c0973a09d71c95b427cd453d5514e77eac
56b092f22e468081835fe837e953180a39406307c0a889e135da563bc8d60e41

HTTP Headers

GET /index.min.js?pk=28407dccfb372e83ee9d49a69f097187 HTTP/1.1
Host: twistconcept.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://theeverydaygame.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: application/javascript
last-modified: Thu, 23 Nov 2023 13:06:26 GMT
etag: W/"655f4e52-28d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1505
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZU7lbdGfIAWoD%2FUnZypRq1AsDugBvKnkq9r7KGBdJOLFNHNsxO4sch0cRbct7lk7lo23LLtwHlUlvFe55Zngy38iSW%2BIHZKM23iRXp7BoYwBkJUuhB18PFFDVKNbXPuYFhMr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b43bbd70b4cb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs

104.21.58.193

200 OK

2.2 kB

URL User Request GET HTTP/2
theeverydaygame.com/lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs
IP
104.21.58.193:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttheeverydaygame.com
Fingerprint9B:C0:4D:A2:C5:A3:30:91:89:34:87:E6:D4:E1:88:5B:D6:33:91:39
ValidityThu, 27 Jun 2024 16:38:53 GMT - Wed, 25 Sep 2024 16:38:52 GMT

File type
HTML document, ASCII text, with very long lines (2351), with no line terminators
Size
2.2 kB (2176 bytes)
Hash
ede3110f26ad70315531337fd42c3823
be911d5e0e4bd8a1dc3252f5ea6035d6c8884776
3c2f4569224c4f961a2f6f32bb2ebc980eae963bca51589c88d15c7c1f354eef

HTTP Headers

GET /lg/lg_0324/land_lg_140324_en/?haff_pid=1237&haff_oid=49&haff_cid=4def0000849c3a81&haff_sub1=906ddf4c342650fe336900ad8e4c673f&haff_sub2=e206a54e97690cce50cc872dd70ee896&haff_sub3=1099&haff_tag=rs HTTP/1.1
Host: theeverydaygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 Aug 2024 19:12:03 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lgnoz%2BwUhtkwNHDbdlmrwvzZF9XzCyWgXrqiZKxjW2VfkaW8n7hJpvb2Y%2B0BJC%2FXdL4hwk08D7LNbMEag9zySILHt7kpRqRqOZ8krWzL8IJaa7Zp1YjvS%2FmSoFyvlsvyi9oMdNX0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b43bbd23f2cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (35)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN